用户名和密码无效 [英] Invaild username and password
本文介绍了用户名和密码无效的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
嗨
我正在使用Web应用程序.
在我的登录按钮上,我已经编写了此代码
Hi
I am using web application.
on my login button i have written this code
protected void btnlogin_Click(object sender, EventArgs e)
{
//sql connection
SqlConnection cnn = new SqlConnection();
cnn.ConnectionString = "connection string";
cnn.Open();
SqlCommand cmd = new SqlCommand("select mobileno,password from register where mobileno=''"+txtmoblie.Text +"''and password=''"+txtpassword.Text+"''",cnn);
cmd.Connection = cnn;
SqlDataReader dr = cmd.ExecuteReader();
if (txtmoblie.Text != "mobileno" && txtpassword.Text != "password")
{
Response.Write(@"<script language=''javascript''>alert(''Invalid Username and Password'')</script>");
}
else
{
Response.Redirect("signup.aspx");
}
cnn.Close();
}
它给了我无效的用户名和密码
请让我知道我哪里错了
在此先谢谢您.
It is giving me invalid username and password
please let me know where i am wrong
Thanks in advance.
推荐答案
重新设置以下内容并尝试:
relpace the following and try:
if (txtmoblie.Text != "mobileno" && txtpassword.Text != "password")
与
with
if (txtmoblie.Text != dr["mobileno"] && txtpassword.Text != dr["password"])
您想要列表吗?
我应该从哪里开始....
0)您确实意识到您不会获得使用字符串连接字符串"的SQL连接吗?您需要告诉它要使用哪个SQL Server实例和数据库.
1)为什么要根据手机号码和密码从数据库中检索密码和手机号码?您要做的就是撤回您已经拥有的信息.检索一个更有用的列,或者检索一个计数.
2)为什么要对SQL注入攻击敞开大门,这种攻击可能会意外或故意破坏数据库?请改用参数化查询.
3)为什么要以纯文本格式存储密码?您要做的就是让所有人的用户信息向所有希望查看的人开放.对其进行哈希处理并存储哈希值.此处有相关信息:密码存储:操作方法. [ ^ ]
4)为什么不实际使用数据库查询的任何结果?您测试的所有内容是说登录具有手机号"mobileno"和密码"password"的任何人
5)您确实意识到,即使您修复了这些问题,所有会发生的事情就是用户会感到烦恼吗?因为他会输入他的详细信息,所以您将对其进行检查,然后在重定向到signup.aspx页面时将其丢弃?
这听起来很刺耳吗?是的,它确实可以.
尝试一次做一件事.建立您的连接,并确保它可以正常工作.然后继续从DB检索infor,依此类推.
查看您的课程笔记,并尝试在此处确定应该做的事情...:笑:
Would you like a list?
Where should I start....
0) You do realize that you won''t get an SQL connection working with the string "connection string"? You need to tell it which SQL server instance, and database to use.
1) Why are you retrieving the password and mobile number from the database, based on the mobile number and the password? All you would be doing would be pulling back the information you already have. Either retrieve a more useful column, or retrieve a count.
2) Why are you leaving yourself wide open to SQL Injection attacks which can accidentally or deliberately destroy your database? Use Parametrized queries instead.
3) Why are you storing passwords in plain text? All you are doing is leaving everybodies user information wide open to everyone who wants to look at it. Hash it instead and store the hash. There is info on this here: Password Storage: How to do it.[^]
4) Why aren''t you actually using any of the results from your database query? All you test does is say "log in anyone who has the mobile number ''mobileno'' and the password ''password''
5) You do realize that even if you fixed these things, all that would happen is the user would get annoyed? Because he would type in his details, you would check them, then throw them away when you re-direct to the signup.aspx page?
Does that sound harsh? Yes, it probably does.
Try to do one thing at a time. Establish your connection, and make sure it works. Then move on to retrieving infor from teh DB, and so forth.
Look at your course notes, and try to work out what you are supposed to do here...:laugh:
您的问题是无法通过数据库打开连接.
因此,请按照以下代码进行数据库连接,并根据您的sql数据库填写四个连接参数.
Hi,
Your problem is connection is not open with database.
so that follow below code for data base connection, fill four connection parameter as per your sql database.
string ConnectionString ="Data Source=;Initial Catalog=;User ID=;Password=";
SqlConnection cnn = new SqlConnection(ConnectionString);
cnn.Open();
这篇关于用户名和密码无效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
